Hash Identifier
Updated May 7, 2026Not sure what a hash is? Detect whether it looks like MD5, SHA-256, bcrypt, or another type.
Hash Length Reference
| Hash Type | Hex Length | Bits | Example |
|---|---|---|---|
| CRC32 | 8 | 32 | 3610a686 |
| MD5 | 32 | 128 | 5d41402abc4b2a... |
| SHA-1 | 40 | 160 | aaf4c61ddcc5e8... |
| SHA-256 | 64 | 256 | 2cf24dba5fb0a3... |
| SHA-512 | 128 | 512 | 9b71d224bd62f3... |
| bcrypt | 60 | - | $2a$10$... |
Features
- Analyze hash length, character sets, and formatting
- Detect likely algorithms (MD5, SHA-1, SHA-256, bcrypt, NTLM, etc.)
- Identify common password hash formats (Unix crypt, LDAP)
- Check for salts, iterations, or potential Base64 encoding
- Client-side analysis of leaked hashes
Common Use Cases
- Determining what hashing logic a legacy application used
- Identifying the format of hashes found in leaked database dumps
- CTF (Capture The Flag) cybersecurity competitions
- Reverse engineering undocumented APIs
- Auditing database security and password storage mechanisms
Understanding Hash Identification
A hash is essentially just a string of bytes. Because they are often encoded as hexadecimal or Base64, determining exactly which algorithm produced a given string can be challenging. Hash identification tools use heuristics, pattern matching, and length checks to provide educated guesses.
Identification Factors:
- Length: A 32-character hex string represents 128 bits (likely MD5 or MD4). A 64-character hex string is 256 bits (likely SHA-256).
- Character Set: Is it strictly hexadecimal (0-9, a-f)? Does it include upper and lowercase letters with symbols (likely Base64 or bcrypt)?
- Prefixes/Signatures: Many modern password hashes use Modular Crypt Format (MCF). For example, a hash starting with
$2a$or$2b$is bcrypt. A hash starting with$6$is SHA-512 crypt.
Examples
Input: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
Result: Identified as bcrypt (Blowfish)Input: 5d41402abc4b2a76b9719d911017c592
Result: Possible algorithms include MD5, MD4, NTLM, MD2.Frequently Asked Questions
No. Many algorithms produce hashes of the exact same length and format. For example, a 32-character hexadecimal string could be MD5, MD4, or an NTLM Windows password hash. The tool provides the most probable candidates, but context is required to know for sure.
This is likely the Modular Crypt Format (MCF), a standard used primarily on Unix/Linux systems to store passwords. The string between the first and second `$` indicates the algorithm (e.g., 1 for MD5, 5 for SHA-256, 6 for SHA-512, 2a for bcrypt). The next segment is usually the cost factor or salt.
π‘ Tips
- If you encounter a hash ending in one or two `=` symbols, it is almost certainly Base64 encoded. Decode it from Base64 to Hex first to determine its true length and likely algorithm.
- In Windows environments, 32-character hex strings are frequently NTLM hashes, not MD5.